Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/TnQKWeQupyg_M_HldmwYeDDgvhk.roa
File:                     TnQKWeQupyg_M_HldmwYeDDgvhk.roa (raw, json)
Hash identifier:          M0Vpxy4Nn+gAxwO25JaUvS5hbetyj91H/ndxZ7DoUCo=
Subject key identifier:   4E:74:0A:59:E4:2E:A7:28:3F:33:F1:E5:76:6C:18:78:30:E0:BE:19
Certificate issuer:       /CN=8ccc82a5bee3a9363303c33cdcdd36efc68f8b44
Certificate serial:       019CBE369BBC13DC6EC12BA5038FA81C5944
Authority key identifier: 8C:CC:82:A5:BE:E3:A9:36:33:03:C3:3C:DC:DD:36:EF:C6:8F:8B:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jMyCpb7jqTYzA8M83N0278aPi0Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/TnQKWeQupyg_M_HldmwYeDDgvhk.roa
Signing time:             Thu 05 Mar 2026 13:36:15 +0000
ROA not before:           Thu 05 Mar 2026 13:36:15 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     8075
IP address blocks:        185.192.184.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/jMyCpb7jqTYzA8M83N0278aPi0Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/jMyCpb7jqTYzA8M83N0278aPi0Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jMyCpb7jqTYzA8M83N0278aPi0Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 27 Mar 2026 00:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9c:be:36:9b:bc:13:dc:6e:c1:2b:a5:03:8f:a8:1c:59:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ccc82a5bee3a9363303c33cdcdd36efc68f8b44
        Validity
            Not Before: Mar  5 13:36:15 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=4e740a59e42ea7283f33f1e5766c187830e0be19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:e8:03:0b:a8:8f:e0:be:a0:1b:29:6d:d4:b0:
                    f0:e9:27:f9:02:c0:ae:a9:d2:f3:b5:84:ff:a3:ce:
                    9e:e3:bc:5e:3c:5f:68:fc:94:d8:df:b9:64:64:61:
                    d2:88:ce:0a:78:36:07:d0:f9:53:9b:1a:4b:fa:33:
                    10:03:f4:a8:f4:9e:31:a3:1b:32:ff:2b:b1:fd:0b:
                    ef:0a:27:f0:32:cd:04:49:c8:b1:95:0c:02:a1:80:
                    bd:e9:b6:fc:6e:cd:30:28:dc:7d:94:a7:d1:ba:e7:
                    2d:70:c4:76:12:ab:70:c7:5e:08:21:37:e3:bf:12:
                    2d:29:9c:17:05:51:33:e1:5b:a9:5b:1a:50:cb:44:
                    c6:72:b0:67:6f:e9:14:b0:d2:82:73:66:b3:ff:e2:
                    18:30:fe:24:d7:76:e4:b0:38:22:ea:4c:49:12:63:
                    b6:c3:f1:d4:b7:b9:b9:1d:5d:79:52:d3:00:c1:98:
                    d8:ad:48:b1:8a:47:68:df:aa:1c:e8:40:52:19:82:
                    1a:ac:73:b8:b0:5e:85:75:bf:8e:f8:e5:1d:98:30:
                    8c:43:c0:b2:24:8b:e9:df:b2:df:80:bf:43:27:be:
                    19:2b:49:00:77:31:37:f8:7c:c0:d5:7c:73:07:79:
                    8a:3f:ef:fb:b2:14:c6:33:9b:eb:1b:52:c2:3d:fb:
                    12:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:74:0A:59:E4:2E:A7:28:3F:33:F1:E5:76:6C:18:78:30:E0:BE:19
            X509v3 Authority Key Identifier:
                keyid:8C:CC:82:A5:BE:E3:A9:36:33:03:C3:3C:DC:DD:36:EF:C6:8F:8B:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jMyCpb7jqTYzA8M83N0278aPi0Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/TnQKWeQupyg_M_HldmwYeDDgvhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/eb5fd2-b974-47c9-b924-bebda1608d09/1/jMyCpb7jqTYzA8M83N0278aPi0Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.192.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:11:16:43:ed:3f:89:f1:2a:14:85:f2:40:8c:b3:3e:93:ca:
         ab:c4:9a:81:28:d0:d3:4a:2f:54:09:86:1d:09:f5:01:e7:e6:
         cb:da:0f:3a:69:7f:5d:3b:52:53:70:01:b2:74:ab:9e:17:5d:
         8f:ee:d8:2f:a4:0c:82:96:5c:d2:c8:63:3e:4c:51:c4:5e:36:
         31:06:ff:03:6f:9e:bf:9e:0e:e6:12:d7:b6:6a:ed:73:27:3b:
         d5:87:18:48:0f:0b:33:41:be:da:55:f9:81:10:22:e0:3c:b5:
         16:4c:f3:8a:b3:dc:01:14:99:f4:8a:23:a2:00:11:41:cd:1d:
         fd:f4:1f:a8:5d:1d:57:0f:67:a2:09:ca:c4:df:5c:86:3b:2e:
         3c:98:1b:2a:f5:ed:1c:14:f0:08:46:2e:83:7f:27:35:91:05:
         ec:15:88:ab:dc:50:cf:49:99:5b:f4:66:ac:db:3b:e6:ab:eb:
         e9:a7:ad:52:3f:d2:9c:6e:47:fb:95:f1:2a:e6:82:76:9d:52:
         d6:8a:89:ce:b0:4c:d2:ce:9e:c9:24:44:f1:1a:d4:84:09:51:
         46:2c:b8:b3:da:67:00:4b:57:8c:4f:2a:00:7b:d6:79:75:54:
         68:48:c1:3d:f4:7c:e5:db:7a:b1:1c:51:32:58:7c:72:91:a6:
         24:28:37:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZy+Npu8E9xuwSulA4+oHFlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjY2M4MmE1YmVlM2E5MzYzMzAzYzMzY2RjZGQzNmVmYzY4
ZjhiNDQwHhcNMjYwMzA1MTMzNjE1WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTc0MGE1OWU0MmVhNzI4M2YzM2YxZTU3NjZjMTg3ODMwZTBiZTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7egDC6iP4L6gGylt1LDw6Sf5AsCu
qdLztYT/o86e47xePF9o/JTY37lkZGHSiM4KeDYH0PlTmxpL+jMQA/So9J4xoxsy
/yux/QvvCifwMs0EScixlQwCoYC96bb8bs0wKNx9lKfRuuctcMR2Eqtwx14IITfj
vxItKZwXBVEz4VupWxpQy0TGcrBnb+kUsNKCc2az/+IYMP4k13bksDgi6kxJEmO2
w/HUt7m5HV15UtMAwZjYrUixikdo36oc6EBSGYIarHO4sF6Fdb+O+OUdmDCMQ8Cy
JIvp37LfgL9DJ74ZK0kAdzE3+HzA1XxzB3mKP+/7shTGM5vrG1LCPfsSgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE50ClnkLqcoPzPx5XZsGHgw4L4ZMB8GA1UdIwQY
MBaAFIzMgqW+46k2MwPDPNzdNu/Gj4tEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak15Q3BiN2pxVFl6QThNODNOMDI3OGFQaTBRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lYjVmZDItYjk3NC00N2M5LWI5MjQt
YmViZGExNjA4ZDA5LzEvVG5RS1dlUXVweWdfTV9IbGRtd1llRERndmhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lYjVmZDItYjk3NC00N2M5LWI5MjQtYmViZGExNjA4ZDA5
LzEvak15Q3BiN2pxVFl6QThNODNOMDI3OGFQaTBRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBucC4MA0G
CSqGSIb3DQEBCwUAA4IBAQCaERZD7T+J8SoUhfJAjLM+k8qrxJqBKNDTSi9UCYYd
CfUB5+bL2g86aX9dO1JTcAGydKueF12P7tgvpAyCllzSyGM+TFHEXjYxBv8Db56/
ng7mEte2au1zJzvVhxhIDwszQb7aVfmBECLgPLUWTPOKs9wBFJn0iiOiABFBzR39
9B+oXR1XD2eiCcrE31yGOy48mBsq9e0cFPAIRi6Dfyc1kQXsFYir3FDPSZlb9Gas
2zvmq+vpp61SP9Kcbkf7lfEq5oJ2nVLWionOsEzSzp7JJETxGtSECVFGLLiz2mcA
S1eMTyoAe9Z5dVRoSME99Hzl23qxHFEyWHxykaYkKDcU
-----END CERTIFICATE-----